TFS 1.2 sendMoveCreature NETWORKMESSAGE crash requires 187696 bytes

SixNine · Dec 28, 2023

This is the crash log - ---------------------------------------------------Signal caught: SIGSEGVT - Pastebin.com (https://pastebin.com/SF1FzZ4f)
const.h value set to #define NETWORKMESSAGE_MAXSIZE 187680
2004 line - NetworkMessage msg = NetworkMessage(getConnection()->getHeader);

C++:

void ProtocolGame::sendMoveCreature(const Creature* creature, const Position& newPos, int32_t newStackPos, const Position& oldPos, int32_t oldStackPos, bool teleport)
{   

    if (creature == player) {
        if (teleport) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendMapDescription(newPos);
        } else {
            NetworkMessage msg = NetworkMessage(getConnection()->getHeader);
            if (oldPos.z == 7 && newPos.z >= 8) {
                RemoveTileCreature(msg, creature, oldPos, oldStackPos);
            } else {
                msg.addByte(0x6D);
                if (oldStackPos < 10) {
                    msg.addPosition(oldPos);
                    msg.addByte(oldStackPos);
                } else {
                    msg.add<uint16_t>(0xFFFF);
                    msg.add<uint32_t>(creature->getID());
                }
                msg.addPosition(newPos);
                    if (otclientV8) {
                        msg.add<uint16_t>(creature->getStepDuration(true));
                    }
            }

            if (newPos.z > oldPos.z) {
                MoveDownCreature(msg, creature, newPos, oldPos);
            } else if (newPos.z < oldPos.z) {
                MoveUpCreature(msg, creature, newPos, oldPos);
            }

            if (oldPos.y > newPos.y) { // north, for old x
                msg.addByte(0x65);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, awareRange.horizontal(), 1, msg);
            } else if (oldPos.y < newPos.y) { // south, for old x
                msg.addByte(0x67);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y + awareRange.bottom(), newPos.z, awareRange.horizontal(), 1, msg);
            }

            if (oldPos.x < newPos.x) { // east, [with new y]
                msg.addByte(0x66);
                GetMapDescription(newPos.x + awareRange.right(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            } else if (oldPos.x > newPos.x) { // west, [with new y]
                msg.addByte(0x68);
                GetMapDescription(newPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            }
            writeToOutputBuffer(msg);
        }
    } else if (canSee(oldPos) && canSee(creature->getPosition())) {
        if (teleport || (oldPos.z == 7 && newPos.z >= 8)) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendAddCreature(creature, newPos, newStackPos, false);
        } else {
            NetworkMessage msg = NetworkMessage(getConnection()->getHeader);
            msg.addByte(0x6D);
            if (oldStackPos < 10) {
                msg.addPosition(oldPos);
                msg.addByte(oldStackPos);
            } else {
                msg.add<uint16_t>(0xFFFF);
                msg.add<uint32_t>(creature->getID());
            }
            msg.addPosition(creature->getPosition());
            if (otclientV8) {
                msg.add<uint16_t>(creature->getStepDuration(true));
            }
            writeToOutputBuffer(msg);
            
            checkPredictiveWalking(oldPos);
            checkPredictiveWalking(newPos);
        }
    } else if (canSee(oldPos)) {
        sendRemoveTileCreature(creature, oldPos, oldStackPos);
    } else if (canSee(creature->getPosition())) {
        sendAddCreature(creature, newPos, newStackPos, false);
    }
}

Obito · Dec 29, 2023

SixNine said:

This is the crash log - ---------------------------------------------------Signal caught: SIGSEGVT - Pastebin.com (https://pastebin.com/SF1FzZ4f)
const.h value set to #define NETWORKMESSAGE_MAXSIZE 187680
2004 line - NetworkMessage msg = NetworkMessage(getConnection()->getHeader);

C++:

void ProtocolGame::sendMoveCreature(const Creature* creature, const Position& newPos, int32_t newStackPos, const Position& oldPos, int32_t oldStackPos, bool teleport)
{ 

    if (creature == player) {
        if (teleport) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendMapDescription(newPos);
        } else {
            NetworkMessage msg = NetworkMessage(getConnection()->getHeader);
            if (oldPos.z == 7 && newPos.z >= 8) {
                RemoveTileCreature(msg, creature, oldPos, oldStackPos);
            } else {
                msg.addByte(0x6D);
                if (oldStackPos < 10) {
                    msg.addPosition(oldPos);
                    msg.addByte(oldStackPos);
                } else {
                    msg.add<uint16_t>(0xFFFF);
                    msg.add<uint32_t>(creature->getID());
                }
                msg.addPosition(newPos);
                    if (otclientV8) {
                        msg.add<uint16_t>(creature->getStepDuration(true));
                    }
            }

            if (newPos.z > oldPos.z) {
                MoveDownCreature(msg, creature, newPos, oldPos);
            } else if (newPos.z < oldPos.z) {
                MoveUpCreature(msg, creature, newPos, oldPos);
            }

            if (oldPos.y > newPos.y) { // north, for old x
                msg.addByte(0x65);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, awareRange.horizontal(), 1, msg);
            } else if (oldPos.y < newPos.y) { // south, for old x
                msg.addByte(0x67);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y + awareRange.bottom(), newPos.z, awareRange.horizontal(), 1, msg);
            }

            if (oldPos.x < newPos.x) { // east, [with new y]
                msg.addByte(0x66);
                GetMapDescription(newPos.x + awareRange.right(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            } else if (oldPos.x > newPos.x) { // west, [with new y]
                msg.addByte(0x68);
                GetMapDescription(newPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            }
            writeToOutputBuffer(msg);
        }
    } else if (canSee(oldPos) && canSee(creature->getPosition())) {
        if (teleport || (oldPos.z == 7 && newPos.z >= 8)) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendAddCreature(creature, newPos, newStackPos, false);
        } else {
            NetworkMessage msg = NetworkMessage(getConnection()->getHeader);
            msg.addByte(0x6D);
            if (oldStackPos < 10) {
                msg.addPosition(oldPos);
                msg.addByte(oldStackPos);
            } else {
                msg.add<uint16_t>(0xFFFF);
                msg.add<uint32_t>(creature->getID());
            }
            msg.addPosition(creature->getPosition());
            if (otclientV8) {
                msg.add<uint16_t>(creature->getStepDuration(true));
            }
            writeToOutputBuffer(msg);
          
            checkPredictiveWalking(oldPos);
            checkPredictiveWalking(newPos);
        }
    } else if (canSee(oldPos)) {
        sendRemoveTileCreature(creature, oldPos, oldStackPos);
    } else if (canSee(creature->getPosition())) {
        sendAddCreature(creature, newPos, newStackPos, false);
    }
}

seems that the issue might be related to buffer overflows how much ram you have? also i'm curious why you are setting the NETWORK MESSAGE MAXSIZE to this value?

SixNine · Dec 29, 2023

Obito said:
seems that the issue might be related to buffer overflows how much ram you have? also i'm curious why you are setting the NETWORK MESSAGE MAXSIZE to this value?

Runing 8GB. Cant answer why exactly this value because probably changed it long time ago

Obito · Dec 29, 2023

SixNine said:
Runing 8GB. Cant answer why exactly this value because probably changed it long time ago

how about try scaling back NETWORKMESSAGE_MAXSIZE a bit? maybe set it to its original value in const.h, or try 65500 and see if that helps with the issue.. lemme know what happens

SixNine · Dec 29, 2023

Obito said:
how about try scaling back NETWORKMESSAGE_MAXSIZE a bit? maybe set it to its original value in const.h, or try 65500 and see if that helps with the issue.. lemme know what happens

Well i dont know how it crashed so cant reproduce this crash so changing value wont give me the answer if it helped or not

Gesior.pl · Dec 29, 2023

It called getConnection(), which returned nullptr, because there is no active connection (Tibia client is disconnected) and then tried to read attribute from it using ->getHeader.
This problem was reported at least 2 times on OtLand in last months (ex. TFS 1.2 Gesior, Kondra stat system crash (https://otland.net/threads/tfs-1-2-gesior-kondra-stat-system-crash.287215/#post-2739555) ).

This is not TFS 1.2, it's some custom engine. TFS creates new network packets like this ( forgottenserver/src/protocolgame.cpp at 1.2 · otland/forgottenserver (https://github.com/otland/forgottenserver/blob/1.2/src/protocolgame.cpp#L2467) ):

C++:

NetworkMessage msg;

not like this:

C++:

NetworkMessage msg = NetworkMessage(getConnection()->getHeader);

so it does not require connection to be active to create new network packet. Missing connection will be detected during 'send' and packet will be skipped.

As I've described in TFS 1.2 Gesior, Kondra stat system crash (https://otland.net/threads/tfs-1-2-gesior-kondra-stat-system-crash.287215/#post-2739555)
You must add:

C++:

if (!getConnection()) {
    return;
}

before every call to getConnection() in protocolgame.cpp. It's around 90 places.
Or find out why someone modified NetworkMessage to require parameter and remove these changes.

@SixNine
Can you tell us where did you get this engine from? It's 3rd report in last months and I still don't know what engine it is.

SixNine · Dec 29, 2023

Gesior.pl said:
It called getConnection(), which returned nullptr, because there is no active connection (Tibia client is disconnected) and then tried to read attribute from it using ->getHeader.
This problem was reported at least 2 times on OtLand in last months (ex. TFS 1.2 Gesior, Kondra stat system crash (https://otland.net/threads/tfs-1-2-gesior-kondra-stat-system-crash.287215/#post-2739555) ).

This is not TFS 1.2, it's some custom engine. TFS creates new network packets like this ( forgottenserver/src/protocolgame.cpp at 1.2 · otland/forgottenserver (https://github.com/otland/forgottenserver/blob/1.2/src/protocolgame.cpp#L2467) ):

C++:

NetworkMessage msg;

not like this:

C++:

NetworkMessage msg = NetworkMessage(getConnection()->getHeader);

so it does not require connection to be active to create new network packet. Missing connection will be detected during 'send' and packet will be skipped.

As I've described in TFS 1.2 Gesior, Kondra stat system crash (https://otland.net/threads/tfs-1-2-gesior-kondra-stat-system-crash.287215/#post-2739555)
You must add:

C++:

if (!getConnection()) { return; }

before every call to getConnection() in protocolgame.cpp. It's around 90 places.
Or find out why someone modified NetworkMessage to require parameter and remove these changes.

@SixNine
Can you tell us where did you get this engine from? It's 3rd report in last months and I still don't know what engine it is.

Probably the person that i paid long time ago made it, dont want to mention his name here to ruin his reputation but once i talked with multiple people told me not to work with that guy because he provides terrible code that requires fixing after some time. But thanks for confirming it was again NetworkMessage issue.

Solution if someone gonna have this same issue \/

C++:

void ProtocolGame::sendMoveCreature(const Creature* creature, const Position& newPos, int32_t newStackPos, const Position& oldPos, int32_t oldStackPos, bool teleport)
{   
    auto connection = getConnection();
    if (!connection) {
        return;
    }

    if (creature == player) {
        if (teleport) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendMapDescription(newPos);
        } else {
            NetworkMessage msg = NetworkMessage(connection->getHeader);
            if (oldPos.z == 7 && newPos.z >= 8) {
                RemoveTileCreature(msg, creature, oldPos, oldStackPos);
            } else {
                msg.addByte(0x6D);
                if (oldStackPos < 10) {
                    msg.addPosition(oldPos);
                    msg.addByte(oldStackPos);
                } else {
                    msg.add<uint16_t>(0xFFFF);
                    msg.add<uint32_t>(creature->getID());
                }
                msg.addPosition(newPos);
                    if (otclientV8) {
                        msg.add<uint16_t>(creature->getStepDuration(true));
                    }
            }

            if (newPos.z > oldPos.z) {
                MoveDownCreature(msg, creature, newPos, oldPos);
            } else if (newPos.z < oldPos.z) {
                MoveUpCreature(msg, creature, newPos, oldPos);
            }

            if (oldPos.y > newPos.y) { // north, for old x
                msg.addByte(0x65);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, awareRange.horizontal(), 1, msg);
            } else if (oldPos.y < newPos.y) { // south, for old x
                msg.addByte(0x67);
                GetMapDescription(oldPos.x - awareRange.left(), newPos.y + awareRange.bottom(), newPos.z, awareRange.horizontal(), 1, msg);
            }

            if (oldPos.x < newPos.x) { // east, [with new y]
                msg.addByte(0x66);
                GetMapDescription(newPos.x + awareRange.right(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            } else if (oldPos.x > newPos.x) { // west, [with new y]
                msg.addByte(0x68);
                GetMapDescription(newPos.x - awareRange.left(), newPos.y - awareRange.top(), newPos.z, 1, awareRange.vertical(), msg);
            }
            writeToOutputBuffer(msg);
        }
    } else if (canSee(oldPos) && canSee(creature->getPosition())) {
        if (teleport || (oldPos.z == 7 && newPos.z >= 8)) {
            sendRemoveTileCreature(creature, oldPos, oldStackPos);
            sendAddCreature(creature, newPos, newStackPos, false);
        } else {
            NetworkMessage msg = NetworkMessage(connection->getHeader);
            msg.addByte(0x6D);
            if (oldStackPos < 10) {
                msg.addPosition(oldPos);
                msg.addByte(oldStackPos);
            } else {
                msg.add<uint16_t>(0xFFFF);
                msg.add<uint32_t>(creature->getID());
            }
            msg.addPosition(creature->getPosition());
            if (otclientV8) {
                msg.add<uint16_t>(creature->getStepDuration(true));
            }
            writeToOutputBuffer(msg);
            
            checkPredictiveWalking(oldPos);
            checkPredictiveWalking(newPos);
        }
    } else if (canSee(oldPos)) {
        sendRemoveTileCreature(creature, oldPos, oldStackPos);
    } else if (canSee(creature->getPosition())) {
        sendAddCreature(creature, newPos, newStackPos, false);
    }
}

TFS 1.2 sendMoveCreature NETWORKMESSAGE crash requires 187696 bytes

SixNine

Active Member

Gesior.pl

Obito

0x1337

SixNine

Active Member

Obito

0x1337

SixNine

Active Member

Gesior.pl

Mega Noob&LOL 2012

SixNine

Active Member

Similar threads